AAD Role Assignments

[banned1996]

Is it possible to define a role assignment with M365DSC?
The properties within AADRoleSetting or AADRoleDefinition do not seem to do that, or am I missing something here?
In EXO, there is a Resource available (EXORoleAssignmentPolicy)

BR

[banned1996]

In addition, I'm having the issue that DSC does not have sufficient privileges when trying to remove a O365User who has assigned roles (does not matter if its eligible or active).

(Btw, I also executed Update-M365DSCAllowedGraphScopes to update the permissions)

Update: I tried a workaround: Putting the user into a group which has the role assigned. But unfortunately, this also does not work.

So, I think currently this is not supported.

[mlhickey]

I believe you need to be PRA/GA when attempting to remove a user who is also a role holder

In addition, I'm having the issue that DSC does not have sufficient privileges when trying to remove a O365User who has assigned roles (does not matter if its eligible or active).

(Btw, I also executed Update-M365DSCAllowedGraphScopes to update the permissions)

Update: I tried a workaround: Putting the user into a group which has the role assigned. But unfortunately, this also does not work.

So, I think currently this is not supported.

I believe you need to be GA to remove a user who is an administrative role holder.

[NikCharlebois]

@banned1996 as part of our breaking change release on October 5th, we will be renaming the O365User resource to AADUser and will introduce support for roles.